1. Home
  2. Mapping Frameworks
  3. M365 Home
  4. Safe Links

M365 DO365-SL-E3 Mappings

Safe Links scans incoming email for known malicious hyperlinks. Scanned URLs are rewritten or wrapped using the Microsoft standard URL prefix: https://nam01.safelinks.protection..com. After the link is rewritten, it's analyzed for potentially malicious content.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
DO365-SL-E3 Safe Links Technique Scores T1204 User Execution
DO365-SL-E3 Safe Links Technique Scores T1204.001 Malicious Link
DO365-SL-E3 Safe Links Technique Scores T1566 Phishing
DO365-SL-E3 Safe Links Technique Scores T1566.002 Spearphishing Link
DO365-SL-E3 Safe Links Technique Scores T1534 Internal Spearphishing